unixd.c revision fcdbe02c16575d9c8b6e14a52269c48f79e08baa
842ae4bd224140319ae7feec1872b93dfd491143fielding/* ====================================================================
842ae4bd224140319ae7feec1872b93dfd491143fielding * The Apache Software License, Version 1.1
842ae4bd224140319ae7feec1872b93dfd491143fielding *
842ae4bd224140319ae7feec1872b93dfd491143fielding * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
842ae4bd224140319ae7feec1872b93dfd491143fielding * reserved.
842ae4bd224140319ae7feec1872b93dfd491143fielding *
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding * Redistribution and use in source and binary forms, with or without
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * modification, are permitted provided that the following conditions
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding * are met:
04891cf70e0bfc38bfb027541dc821f04c754ff7nd *
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * 1. Redistributions of source code must retain the above copyright
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * notice, this list of conditions and the following disclaimer.
04891cf70e0bfc38bfb027541dc821f04c754ff7nd *
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * 2. Redistributions in binary form must reproduce the above copyright
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding * notice, this list of conditions and the following disclaimer in
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding * the documentation and/or other materials provided with the
3568de757bac0b47256647504c186d17ca272f85rbb * distribution.
3568de757bac0b47256647504c186d17ca272f85rbb *
3568de757bac0b47256647504c186d17ca272f85rbb * 3. The end-user documentation included with the redistribution,
3568de757bac0b47256647504c186d17ca272f85rbb * if any, must include the following acknowledgment:
3568de757bac0b47256647504c186d17ca272f85rbb * "This product includes software developed by the
3568de757bac0b47256647504c186d17ca272f85rbb * Apache Software Foundation (http://www.apache.org/)."
3568de757bac0b47256647504c186d17ca272f85rbb * Alternately, this acknowledgment may appear in the software itself,
3568de757bac0b47256647504c186d17ca272f85rbb * if and wherever such third-party acknowledgments normally appear.
3568de757bac0b47256647504c186d17ca272f85rbb *
3568de757bac0b47256647504c186d17ca272f85rbb * 4. The names "Apache" and "Apache Software Foundation" must
3568de757bac0b47256647504c186d17ca272f85rbb * not be used to endorse or promote products derived from this
3568de757bac0b47256647504c186d17ca272f85rbb * software without prior written permission. For written
3568de757bac0b47256647504c186d17ca272f85rbb * permission, please contact apache@apache.org.
3568de757bac0b47256647504c186d17ca272f85rbb *
3568de757bac0b47256647504c186d17ca272f85rbb * 5. Products derived from this software may not be called "Apache",
3568de757bac0b47256647504c186d17ca272f85rbb * nor may "Apache" appear in their name, without prior written
3568de757bac0b47256647504c186d17ca272f85rbb * permission of the Apache Software Foundation.
3568de757bac0b47256647504c186d17ca272f85rbb *
3568de757bac0b47256647504c186d17ca272f85rbb * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
3568de757bac0b47256647504c186d17ca272f85rbb * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
3568de757bac0b47256647504c186d17ca272f85rbb * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
3568de757bac0b47256647504c186d17ca272f85rbb * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
3568de757bac0b47256647504c186d17ca272f85rbb * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
3568de757bac0b47256647504c186d17ca272f85rbb * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
3568de757bac0b47256647504c186d17ca272f85rbb * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
3568de757bac0b47256647504c186d17ca272f85rbb * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
3568de757bac0b47256647504c186d17ca272f85rbb * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
3568de757bac0b47256647504c186d17ca272f85rbb * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
3568de757bac0b47256647504c186d17ca272f85rbb * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3568de757bac0b47256647504c186d17ca272f85rbb * SUCH DAMAGE.
3568de757bac0b47256647504c186d17ca272f85rbb * ====================================================================
3568de757bac0b47256647504c186d17ca272f85rbb *
3568de757bac0b47256647504c186d17ca272f85rbb * This software consists of voluntary contributions made by many
3568de757bac0b47256647504c186d17ca272f85rbb * individuals on behalf of the Apache Software Foundation. For more
3568de757bac0b47256647504c186d17ca272f85rbb * information on the Apache Software Foundation, please see
3568de757bac0b47256647504c186d17ca272f85rbb * <http://www.apache.org/>.
3568de757bac0b47256647504c186d17ca272f85rbb *
3568de757bac0b47256647504c186d17ca272f85rbb * Portions of this software are based upon public domain software
3568de757bac0b47256647504c186d17ca272f85rbb * originally written at the National Center for Supercomputing Applications,
3568de757bac0b47256647504c186d17ca272f85rbb * University of Illinois, Urbana-Champaign.
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding */
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding#include "ap_config.h"
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding#define CORE_PRIVATE
3568de757bac0b47256647504c186d17ca272f85rbb#include "httpd.h"
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick#include "http_config.h"
3568de757bac0b47256647504c186d17ca272f85rbb#include "http_main.h"
3568de757bac0b47256647504c186d17ca272f85rbb#include "http_log.h"
3568de757bac0b47256647504c186d17ca272f85rbb#include "unixd.h"
3568de757bac0b47256647504c186d17ca272f85rbb#include "mpm_common.h"
98fb535f829e2a95aabd82420931f476661fa8e3jorton#include "os.h"
db12cd62083041bf90945eeb90cc40fbd2340797trawick#include "ap_mpm.h"
db12cd62083041bf90945eeb90cc40fbd2340797trawick#include "apr_thread_proc.h"
db12cd62083041bf90945eeb90cc40fbd2340797trawick#include "apr_strings.h"
333eac96e4fb7d6901cb75e6ca7bb22b2ccb84cetrawick#ifdef HAVE_PWD_H
333eac96e4fb7d6901cb75e6ca7bb22b2ccb84cetrawick#include <pwd.h>
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem#endif
3568de757bac0b47256647504c186d17ca272f85rbb#ifdef HAVE_SYS_RESOURCE_H
3568de757bac0b47256647504c186d17ca272f85rbb#include <sys/resource.h>
3568de757bac0b47256647504c186d17ca272f85rbb#endif
3568de757bac0b47256647504c186d17ca272f85rbb/* XXX */
3568de757bac0b47256647504c186d17ca272f85rbb#include <sys/stat.h>
3568de757bac0b47256647504c186d17ca272f85rbb#ifdef HAVE_UNISTD_H
3568de757bac0b47256647504c186d17ca272f85rbb#include <unistd.h>
3568de757bac0b47256647504c186d17ca272f85rbb#endif
3568de757bac0b47256647504c186d17ca272f85rbb#ifdef HAVE_GRP_H
3568de757bac0b47256647504c186d17ca272f85rbb#include <grp.h>
3568de757bac0b47256647504c186d17ca272f85rbb#endif
3568de757bac0b47256647504c186d17ca272f85rbb#ifdef HAVE_STRINGS_H
3568de757bac0b47256647504c186d17ca272f85rbb#include <strings.h>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz#endif
3568de757bac0b47256647504c186d17ca272f85rbb
/*
 * File-scope Unix settings record.  unixd_pre_config(), unixd_set_user() and
 * unixd_set_group() in this file write it; set_group_privs() and
 * unixd_setup_child() read it when changing the process identity.
 */
unixd_config_rec unixd_config;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
/* Set group privileges.
 *
 * Note that we use the username as set in the config files, rather than
 * looking the name up from the uid --- the same uid may have multiple passwd
 * entries, with different sets of groups for each.
 */
8f3ec4772d2aeb347cf40e87c77627bb784dd018rbb
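/*
 * Apply the configured group identity to the calling process: setgid() to
 * unixd_config.group_id, then initgroups() for the configured user.
 *
 * Nothing is changed unless the effective uid is 0.  Returns 0 on success
 * (or when there was nothing to do) and -1, after logging an alert, when any
 * step fails.
 */
static int set_group_privs(void)
{
    const char *name;

    /* Only root may change group membership; otherwise leave things alone. */
    if (geteuid() != 0) {
        return 0;
    }

    /* Get username if passed as a uid */
    if (unixd_config.user_name[0] == '#') {
        const char *digits = &unixd_config.user_name[1];
        char *end;
        unsigned long parsed;
        struct passwd *ent;
        uid_t uid;

        /*
         * Parse strictly and fail closed.  atoi() cannot report an error, so
         * "#" or "#abc" used to become uid 0 without complaint, and the
         * supplementary groups of that account were then applied below.
         */
        errno = 0;
        parsed = strtoul(digits, &end, 10);
        uid = (uid_t)parsed;
        if (*digits < '0' || *digits > '9' || *end != '\0'
            || errno == ERANGE || (unsigned long)uid != parsed) {
            ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ALERT, 0, NULL,
                         "User directive: \"%s\" is not a valid numeric uid",
                         unixd_config.user_name);
            return -1;
        }

        /*
         * getpwuid() may leave errno untouched when the uid simply has no
         * passwd entry; clear it so a stale value is not logged.
         */
        errno = 0;
        ent = getpwuid(uid);
        if (ent == NULL) {
            ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
                         "getpwuid: couldn't determine user name from uid %u, "
                         "you probably need to modify the User directive",
                         (unsigned)uid);
            return -1;
        }

        name = ent->pw_name;
    }
    else {
        name = unixd_config.user_name;
    }

#if !defined(OS2) && !defined(TPF)
    /* OS/2 and TPF don't support groups. */

    /*
     * Set the GID before initgroups(), since on some platforms
     * setgid() is known to zap the group list.
     */
    if (setgid(unixd_config.group_id) == -1) {
        ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
                     "setgid: unable to set group id to Group %u",
                     (unsigned)unixd_config.group_id);
        return -1;
    }

    /* Reset `groups' attributes. */
    if (initgroups(name, unixd_config.group_id) == -1) {
        ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
                     "initgroups: unable to set groups for User %s "
                     "and Group %u", name, (unsigned)unixd_config.group_id);
        return -1;
    }
#endif /* !defined(OS2) && !defined(TPF) */

    return 0;
}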
936a4025e45887d9f366bf54360c51937b6bcacejim
3568de757bac0b47256647504c186d17ca272f85rbb
/*
 * Switch a child process to the configured group and user identity.
 *
 * Returns 0 on success and -1 on failure.  In the MPE build a failed
 * setuid() does not return: that branch calls exit(1).
 *
 * NOTE(review): the return value of setuid() is the only check made here;
 * nothing in this function confirms afterwards that uid 0 cannot be
 * regained.
 */
AP_DECLARE(int) unixd_setup_child(void)
{
    /*
     * Groups go first: set_group_privs() only acts while the effective uid
     * is still 0, so it has to run before the setuid() calls below.
     */
    if (set_group_privs()) {
        return -1;
    }
#ifdef MPE
    /* Only try to switch if we're running as MANAGER.SYS */
    if (geteuid() == 1 && unixd_config.user_id > 1) {
        GETPRIVMODE();
        if (setuid(unixd_config.user_id) == -1) {
            /*
             * NOTE(review): GETUSERMODE() runs between the failed setuid()
             * and the log call that reads errno; if it can modify errno the
             * logged reason may be wrong -- confirm.
             */
            GETUSERMODE();
            ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
                         "setuid: unable to change to uid: %ld",
                         (long) unixd_config.user_id);
            exit(1);
        }
        GETUSERMODE();
    }
#else
    /* Only try to switch if we're running as root */
    if (!geteuid() && (
#ifdef _OSD_POSIX
        /* server_conf and one_process are not declared in this function;
         * presumably they come from the included headers -- verify. */
        os_init_job_environment(server_conf, unixd_config.user_name, one_process) != 0 ||
#endif
        setuid(unixd_config.user_id) == -1)) {
        ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
                     "setuid: unable to change to uid: %ld",
                     (long) unixd_config.user_id);
        return -1;
    }
#endif
    return 0;
}
24b534291150023e6b68eca89ddd33e475ccddc0wrowe
24b534291150023e6b68eca89ddd33e475ccddc0wrowe
/*
 * Directive handler that records the user the server should run as.
 *
 * Stores the raw argument in unixd_config.user_name and the id returned by
 * ap_uname2id() in unixd_config.user_id.  Returns NULL on success, or an
 * error string when the directive is used outside the global context or
 * (unless built with BIG_SECURITY_HOLE, or on OS2) when the id is 0.
 */
AP_DECLARE(const char *) unixd_set_user(cmd_parms *cmd, void *dummy,
                                        const char *arg)
{
    const char *context_error;

    /* The directive is accepted in the global server configuration only. */
    context_error = ap_check_cmd_context(cmd, GLOBAL_ONLY);
    if (context_error) {
        return context_error;
    }

    unixd_config.user_name = arg;
    unixd_config.user_id = ap_uname2id(arg);
#if !defined (BIG_SECURITY_HOLE) && !defined (OS2)
    /* Refuse to run the request-serving processes as uid 0. */
    if (!unixd_config.user_id) {
        return "Error:\tApache has not been designed to serve pages while\n"
               "\trunning as root. There are known race conditions that\n"
               "\twill allow any local user to read any file on the system.\n"
               "\tIf you still desire to serve pages as root then\n"
               "\tadd -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS line in your\n"
               "\tsrc/Configuration file and rebuild the server. It is\n"
               "\tstrongly suggested that you instead modify the User\n"
               "\tdirective in your httpd.conf file to list a non-root\n"
               "\tuser.\n";
    }
#endif

    return NULL;
}
3568de757bac0b47256647504c186d17ca272f85rbb
/*
 * Directive handler that records the group the server should run as.
 *
 * Stores the id returned by ap_gname2id() in unixd_config.group_id.  Returns
 * NULL on success, or the error string from ap_check_cmd_context() when the
 * directive is used outside the global context.
 */
AP_DECLARE(const char *) unixd_set_group(cmd_parms *cmd, void *dummy,
                                         const char *arg)
{
    const char *context_error;

    /* The directive is accepted in the global server configuration only. */
    context_error = ap_check_cmd_context(cmd, GLOBAL_ONLY);
    if (context_error) {
        return context_error;
    }

    unixd_config.group_id = ap_gname2id(arg);
    return NULL;
}
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding
/*
 * Reset unixd_config to its defaults before the configuration is read, and
 * decide whether the suexec wrapper is considered available.
 *
 * ptemp is the pool handed to apr_stat().
 */
AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp)
{
    apr_finfo_t wrapper;
    apr_status_t stat_rv;

    unixd_config.user_name = DEFAULT_USER;
    unixd_config.user_id = ap_uname2id(DEFAULT_USER);
    unixd_config.group_id = ap_gname2id(DEFAULT_GROUP);

    /* Check for suexec */
    stat_rv = apr_stat(&wrapper, SUEXEC_BIN, APR_FINFO_NORM, ptemp);

    /*
     * XXX - apr_stat is incapable of checking suid bits (grumble), so the
     * intended test
     *     (wrapper.filetype & S_ISUID) && wrapper.user == 0
     * is not performed.  As written, suexec counts as enabled whenever the
     * stat of SUEXEC_BIN succeeds, whatever the file's owner or mode bits.
     */
    unixd_config.suexec_enabled = (stat_rv == APR_SUCCESS) ? 1 : 0;
}
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick
36c8049de63c446926139936c3d195330a0539cetrawick
/*
 * Build the struct rlimit for a resource-limit directive.
 *
 * Allocates a struct rlimit from cmd->pool, stores it in *plimit, fills it
 * with the current limits for `type` via getrlimit(), then overrides the soft
 * limit from arg ("max" means the current hard limit) and, when running as
 * uid 0, the hard limit from arg2.  *plimit is reset to NULL if getrlimit()
 * fails.  On platforms without rlimit support only an error is logged.
 *
 * NOTE(review): both numbers are parsed with atol(), which cannot report
 * malformed or out-of-range input.
 */
AP_DECLARE(void) unixd_set_rlimit(cmd_parms *cmd, struct rlimit **plimit,
                                  const char *arg, const char * arg2, int type)
{
#if (defined(RLIMIT_CPU) || defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined(RLIMIT_NPROC) || defined(RLIMIT_AS)) && APR_HAVE_STRUCT_RLIMIT && APR_HAVE_GETRLIMIT
    struct rlimit *rl;
    char *word;
    /* If your platform doesn't define rlim_t then typedef it in ap_config.h */
    rlim_t soft = 0;
    rlim_t hard = 0;

    rl = (struct rlimit *)apr_pcalloc(cmd->pool, sizeof(**plimit));
    *plimit = rl;

    /* Start from the limits currently in force for this resource. */
    if (getrlimit(type, rl) != 0) {
        *plimit = NULL;
        ap_log_error(APLOG_MARK, APLOG_ERR, errno, cmd->server,
                     "%s: getrlimit failed", cmd->cmd->name);
        return;
    }

    /* First word: the soft limit, or "max" for the current hard limit. */
    word = ap_getword_conf(cmd->pool, &arg);
    if (!word) {
        ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, cmd->server,
                     "Invalid parameters for %s", cmd->cmd->name);
        return;
    }
    if (strcasecmp(word, "max") == 0) {
        soft = rl->rlim_max;
    }
    else {
        soft = atol(word);
    }

    /* Optional second word: the hard limit. */
    if (arg2) {
        word = ap_getword_conf(cmd->pool, &arg2);
        if (word) {
            hard = atol(word);
        }
    }

    if (geteuid() == 0) {
        /* As root a value of 0 means "keep what getrlimit() reported". */
        if (soft) {
            rl->rlim_cur = soft;
        }
        if (hard) {
            rl->rlim_max = hard;
        }
    }
    else {
        /* if we aren't running as root, cannot increase max */
        rl->rlim_cur = soft;
        if (hard) {
            ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, cmd->server,
                         "Must be uid 0 to raise maximum %s", cmd->cmd->name);
        }
    }
#else

    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, cmd->server,
                 "Platform does not support rlimit for %s", cmd->cmd->name);
#endif
}
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem
/*
 * Hook storage and runner for get_suexec_identity.  The hook takes the
 * request and yields an ap_unix_identity_t pointer; NULL is the value passed
 * to the RUN_FIRST macro as the "declined" result.
 * ap_os_create_privileged_process() calls ap_run_get_suexec_identity(r) and
 * treats a NULL result as "no suexec identity for this request".
 */
APR_HOOK_STRUCT(
    APR_HOOK_LINK(get_suexec_identity)
)

AP_IMPLEMENT_HOOK_RUN_FIRST(ap_unix_identity_t *, get_suexec_identity,
                            (const request_rec *r), (r), NULL)
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
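/*
 * Create a child process, going through the suexec wrapper when
 * unixd_config.suexec_enabled is set.
 *
 * With suexec disabled this is a plain apr_proc_create() of progname.
 * With suexec enabled the program run is SUEXEC_BIN and its argument vector
 * is
 *     SUEXEC_BIN, <uid>, <gid>, progname, args[0], args[1], ..., NULL
 * where <uid> and <gid> are ugid->uid and ugid->gid printed in decimal.
 * The identity switch itself is presumably done by the wrapper; nothing in
 * this function changes uid or gid.
 *
 * ugid must not be NULL when suexec is enabled.  args may be NULL, which is
 * treated as an empty list.  All allocations come from pool p.
 *
 * Returns the status of apr_proc_create(), or APR_ENOMEM if the uid/gid
 * strings could not be built.
 */
static apr_status_t ap_unix_create_privileged_process(
                              apr_proc_t *newproc, const char *progname,
                              const char * const *args,
                              const char * const *env,
                              apr_procattr_t *attr, ap_unix_identity_t *ugid,
                              apr_pool_t *p)
{
    int nargs = 0;
    int i;
    const char **newargs;
    char *newprogname;
    char *execuser, *execgroup;

    if (!unixd_config.suexec_enabled) {
        return apr_proc_create(newproc, progname, args, env, attr, p);
    }

    execuser = apr_psprintf(p, "%ld", (long) ugid->uid);
    execgroup = apr_psprintf(p, "%ld", (long) ugid->gid);

    if (!execuser || !execgroup) {
        return APR_ENOMEM;
    }

    if (args) {
        while (args[nargs]) {
            nargs++;
        }
    }

    /*
     * Four leading entries, the caller's nargs entries, and the terminating
     * NULL: nargs + 5 slots.  Allocating only nargs + 4 left no room for the
     * terminator, so it was written one element past the end of the array.
     */
    newargs = apr_palloc(p, sizeof(char *) * (nargs + 5));
    newprogname = SUEXEC_BIN;
    newargs[0] = SUEXEC_BIN;
    newargs[1] = execuser;
    newargs[2] = execgroup;
    newargs[3] = apr_pstrdup(p, progname);

    /* Bounded by nargs, so a NULL args pointer is never dereferenced. */
    for (i = 0; i < nargs; i++) {
        newargs[i + 4] = args[i];
    }
    newargs[nargs + 4] = NULL;

    return apr_proc_create(newproc, newprogname, newargs, env, attr, p);
}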
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm
/*
 * Create a child process for request r, using the suexec path when a
 * get_suexec_identity hook supplies an identity for the request.
 *
 * When no hook returns an identity the process is created directly with
 * apr_proc_create(); otherwise the work is handed to
 * ap_unix_create_privileged_process() together with that identity.
 * Returns the status of whichever call was made.
 */
AP_DECLARE(apr_status_t) ap_os_create_privileged_process(
                              const request_rec *r,
                              apr_proc_t *newproc, const char *progname,
                              const char * const *args,
                              const char * const *env,
                              apr_procattr_t *attr, apr_pool_t *p)
{
    ap_unix_identity_t *identity;

    identity = ap_run_get_suexec_identity(r);
    if (identity != NULL) {
        return ap_unix_create_privileged_process(newproc, progname, args, env,
                                                 attr, identity, p);
    }

    /* No identity for this request: run the program without the wrapper. */
    return apr_proc_create(newproc, progname, args, env, attr, p);
}
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick